The changes in the way Windows polices itself – particularly the newly strengthened firewall – could cause troubles for applications that are used to working with Windows’ old ways. Security experts say it’s tough to know how many companies may have to change their products to be compatible. However, to bring good overall security to Windows, these sacrifices needed to be made.
MS is doing a very responsible job here. This needs to be done. The Personal Firewall will cause most headaches. When turned on, it may be difficult for an administrator to control an employee PC. I don’t know if this personal firewall is really a great idea inside a corporate network, but again – it is needed. If a worm / virus / whatever is already inside the corporate network (laptops do physically bypass the corporate firewall) then all PCs need to be protected by a small firewall. Now, the MS personal firewall isn’t the best of breed – I would prefer ZoneAlarm – but it’s still much better than nothing, and you can select your firewall in the security control center in the control panel. Newer versions of ZoneAlarm will be detected by SP2 (as will other firewalls and anti-virus programs).
The firewall blocks incoming ICMP type 8 (ping). Ping is simply the most used diagnostic tool in use today, and for the most part, is being stripped from SP2. Sure it can easily be enabled, but tell that to people walking end users through it over the phone.
Nobody is going to get hacked with ping. Worst case scenario for this is going to be if it creates problems with DHCP. There are many crappy DHCP clients out there. An example is the router I use, it will only renew the IP address for maybe a couple weeks without being rebooted. It will also continue to use the IP address past the IP lease time.
I had to configure it to allow ping, because Adelphia’s DHCP server will ping the (expired) IP before handing it out to someone else (2 devices, same IP), which is the only reason it does not cause problems.
So, being that most people use DHCP, and ping is now blocked, people are dependent on Microsoft’s DHCP client never failing renewals, or never using IPs past the expire time.
I know better.
wow, scary… disabling ping sounds like horror to me…
jim, you are right about ping, it’s a very useful tool while it doesn’t have much impact on security
that’s the problem with MS, they are just overreacting because they do not really know about security in the first place. some time ago i emailed a MS support employee. i could not send a .txt attachment – all attachments were prohibited because they were afraid of viruses. now i ask you, a text attachment….
that’s the problem with MS, they are just overreacting because they do not really know about security in the first place
I agree, they got where they are today because of having services like PnP, RPC in listening state by default. Even with patch after patch to fix remote vulnerabilities, none of them bothered to just disable any of the services, which should have been step one.
So instead of disabling them (think hardware sales), they just add another layer (the firewall) to prevent connections to them. Problem solved.
A client operating system shouldn’t have to need a firewall in the first place.
About the SP… I suspect that many companies will use it as a driver for upgrading. Not to totally new versions, but just that only the latest versions would be patched. 5% of all the software published for Windows is a ton of software.
People that use AOL should be banned.
Oh, that’s about as reasonable as saying that kids can’t use training wheels to learn to ride bikes.
But as long as we’re talking wishes and fairies and cake, why not just go to the source and ban malicious people? About as easy to enforce.
I was always under the impression that firewalls are a _second_ line of defence and the primary responsibility of security lies with the application itself. If you are running a secure operating system and secure services you don’t need a firewall. You only need a firewall if you don’t trust the applications that run on your system. If you don’t trust the applications running off your system, that is the root of the problem that needs to be addressed. Putting a firewall between every Windows machine and the internet is not the solution that will ultimately give better security.
Of course, all what I said stands only if I’m understanding the “newly strengthened firewall” correctly.
Anyone care to explain how this “newly strengthened firewall” is different from iptables or pf?
>jim, you are right about ping, it’s a very useful tool while it doesn’t have
>much impact on security
Wrong! The ping scan uses the ICMP protocol; it looks very harmless at first glance but…
http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdf
http://securitypronews.com/2003/1028.html
http://users.ece.gatech.edu/~owen/Academic/Internetwork_Security/Fa…
I think it’s very wise of MS to block all incoming ping scans.
what do you trust more:
1. a separate machine acting as a firewall between your windows machine and the wilderness, running a proven operating system, or
2. a windows machine directly connected to the wilderness, running a firewall locally. just think how much malware can subvert and divert and reroute packets around the firewall stack on a windows OS.
is this a wild accusation? no it’s not – almost every other MS OS subsystem has been subverted locally.
t
You don’t need firewalls for corporate machines. You have a sysad for that to configure in your internet gateway/mail services/www/anything connected to the net. It would be ridiculous to turn on all those firewalls unless they make a group policy for automating desktop firewalls.
And what about “inside” security then?
What are you going to protect from inside? Servers yeah they’re firewalled from within but desktops? That’s the job of network antivirus software.
ICMP is an important part of the TCP/IP stack for diagnostic purposes. There are other ways to find out if hosts are active or not. What you suggest would ultimately lead to the ultimate in network security: unplug the machine and cast it into a big block of concrete.
Firewalling is OK with me, as long as it doesn’t break the internet at large. Like one of the previous posters said: you only need a firewall if you don’t trust your applications or your operating system.
Ping is harmless, it only serves as an indicator whether a host is up or not. Pinging a broadcast address (Smurf attack) is nowadays properly handled. Only when there are insecure services on the exposed hosts will they be in any danger. Local security on Windows simply has to improve. You may remember the days of BackOrifice, Netbus and SubSeven. Those should not have been possible in the first place, but it can still be done. While *NIX operating systems have their faults, at least they’re a heck of a lot more difficult to put trojans in.
>That’s the job of network antivirus software.
Antivirus software does not help much against “smart” desktop users that break into other desktops and steal vital information. It happens every day. You would be amazed.
I think it’s very wise of MS to block all incoming ping scans.
No, it’s not. There are many ways to achieve the same without using ICMP Echos, and the ping itself is harmless (well, with recent Windows).
Complicating the work of the administrator is not a good security move.
Quentin Garnier.
> that’s the problem with MS, they are just overreacting because they do not really know about security in the first place
Are you kind of dumb or what, MS is not a bunch of kids who are writing an operating system. When they are designing the security of course they work with security professionals. I totally agree about the ping but it is stupid to say they don’t know about it. They surely didn’t design Windows security in mind but it is stupid to say they try implement security without even knowing what a security is…
>Ping is harmless
.
Have you actually read something about ICMP protocols and its potential security risks? Everybody, including myself, are always dragging about MS and its security, then they do something wise/brave and again everybody is complaining again. Pffff…
I think it’s good of them to block the ICMP protocol. Period
for the record i do not use any MS nor will i do in my life but i am not denying the fact that MS is doing some good things.
>Ping is harmless
.
Have you actually read something about ICMP protocols and its potential security risks? Everybody, including myself, are always dragging about MS and its security, then they do something wise/brave and again everybody is complaining again. Pffff…
Have you understood any of the articles you linked to in one of your previous posts? Maybe you should start actually reading what it is about.
I think it’s good of them to block the ICMP protocol. Period
Well, think as hard as you can. I certainly don’t like Microsoft either, but filtering ICMP Echo at station level is plain stupid. And for the home user, scanners usually don’t bother pinging anymore. Sending a TCP SYN packet is enough to know if a host is alive _and_ if some service is active on it.
Maybe I’m just feeding the troll.
for the record i do not use any MS nor will i do in my life but i am not denying the fact that MS is doing some good things.
Good for you. Some unfortunate people have to administrate Windows boxes as part of their work.
Quentin Garnier.
There are some bright people working at MS, but large corporations are kind of like the government. Just because something should be done does not mean it is easy to do. Engineers don’t have the say in the company to make changes like “ok, lets just turn off UPnP by default and let people who need it turn it on”
Changes to things like that have to come all the way from the top, mostly from people with degrees in business and marketing.
As we have all seen, it takes one disastrous vuln after another for these people to finally say to their engineers “ok we are going to do it your way”
The people at MS are not dumb, but it’s pretty apparent at this point that their security process is flawed.
This is also not different with the default script mappings in IIS to things like .hta etc. with NT and 2000.
Despite nobody actually using these things, it took them like 8 years and hundreds of critical security problems to finally disable the mapping by default in 2k3 rather than just keep patching all the problems with it, one bug at a time.
.hta a HTML application – Isn’t that a client thing?
Perhaps you’re thinking of .htc?
I think MS realizes that, but nothing to do.
Because those “extensions” and “improvements” are in wide use even in cases where those shouldn’t be.
Imagine, to just install HP 3300C scanner driver(!) (and do scanning) HP requires from you not only IE installed, but, much worse (top of stupidity!) VB scripting (host) on.
So, until next generation of apps, which use new NET API consistently, replace current apps, and until MS totally remove backward compatibility with those flawed parts of old API – no real security possible.
All other is palliative, hack-patches and, partly, marketing.
So, welcome PURE Longhorn!
>Maybe I’m just feeding the troll.
Oh, that is so easy: if someone disagrees with you or defends their point of view, it’s a troll. Fine with me, but please do not reply to me then; it’s a waste of your (precious) time.
I’m glad my entire corporation uses no Microsoft programs at all. The whole company hasn’t got a single product installed from MS, and it works just fine without them. I’m glad they’re starting to patch up their OS, but I feel sorry for the sysadmins that will have to take care of the problems that will arise. Coders will adapt to the environment : has something been totally open, you’ll make use of that. Now when you close it down, quite a few applications will most likely break.
Well, if patching the MS OS leads to sacrifices, why not sacrifice the MS OS instead. Might save some time in the future (e. g. when patches like Longhorn will cause troubles again)…
I wonder why 90% of the anti-MS rhetoric is from outside the USA?
If you don’t want ping off, turn it back on. Why would most of you care, you claim you don’t use or admin MS machines anyways?
Why would you want to ping Windows machines? Hmmmmmm.
Que? You don’t have to be european to see that there ARE flaws in what MS has done before. It’s also because of these “flaws” that MS got to be big, and it wasn’t a problem in the early 90’s. Now when it’s essential that these holes get patched, they WILL run into problems of smaller or larger magnitude. That’s just how it is when you have something that is “broken by design” and you have to try and fix it afterwards with patches that radically change functionality of the OS.
This has nothing to do with being “outside of the USA” and if you think that, well.. There are scenarios where MS has the best offer (gaming, for example) but that is slowly starting to change, finally.
< I wonder why 90% of the anti-MS rhetoric is from outside the USA? >
It’s a time thing, or a huge big European conspiracy against good old American businesses. You may decide…
I have tested all of my applications on SP2 RC2 and so far I have had no problems with any of my older apps or any of my newer apps. Apache, MySQL, Oracle 8i,9i,10g, all work. The older version of JBoss 3.0.8 doesn’t work but if you upgrade to the newer version it does. I think the number of incompatibilities will be few and far between.
>Well, if patching the MS OS leads to sacrifices, why not sacrifice the MS
>OS instead. Might save some time in the future (e. g. when patches like
> Longhorn will cause troubles again)..
I sure hope SP2 will break lots of things and will bring even more problems to the Windows platform. It’s good for Mac and Linux to gain ground in desktop country. I am not sure what to think about LongHorn but i guess it’s the same in the end, old wine in new bottles..
I wonder why 90% of the anti-MS rhetoric is from outside the USA?
Cause we can’t be told “if you don’t like the US-system – leave”, you silly.
>Well, if patching the MS OS leads to sacrifices, why not sacrifice the MS
>OS instead. Might save some time in the future (e. g. when patches like
> Longhorn will cause troubles again)..
I sure hope SP2 will break lots of things and will bring even more problems to the Windows platform. It’s good for Mac and Linux to gain ground in desktop country. I am not sure what to think about LongHorn but i guess it’s the same in the end, old wine in new bottles..
Bas, don’t make our country look ridiculous.
It would be very sad if Linux and Mac OS could only gain a larger userbase in the desktop world because of Microsoft’s flaws. A lot of people don’t realize that. What if MS does get it right with SP2 and Longhorn? According to your naive logic, that would mean the “end” (not as in: it’s over, but more as in: over with the growth) of Linux on the desktop. Think about it.
Alternatives to Microsoft should gain a foothold in the desktop market on their own strength, not by MS’ weaknesses.
//Alternatives to Microsoft should gain a foothold in the desktop market on their own strength, not by MS’ weaknesses.//
Well put. MS may be a pain in the butt to deal with — but until a Linux-based OS comes along that is totally compatible with all the software I’ve already spent money on (and doesn’t make me jump through hoops to use it (i.e., WINE, etc.)) … I’ll put up with Microsoft.
Heck, my properly patched and consistently AV-updated XP box rarely gives me problems. And I do mean rarely.
Just my two cents.
Now Microsoft needs to take the next logical step, which is to force developers to stop making programs that will only run in administrative mode, and make users run in restricted mode by default.
Hello,
I am running SP2 RC2 on my laptop now.
There are Group Policy changes for allowing full configuration of Windows Firewall and Internet Explorer.
While IE is still completely unsafe, many corporations still have applications that depend on it, even if the web server sits on a UNIX box. The only way to administer enterprise-level amounts of IE was to use Internet Explorer Administration Kit before, which was a complete POS.
You can also configure the firewall via GPO to allow certain configurations, such as allowed/denied subnets. You can push these GPO changes out before you push out SP2.
SP2 makes administration of Windows boxes a little easier now.
“Companies brace for Microsoft update”
like waiting for a catastrophic event like an earthquake or tsunami, or hurricane…
what’s gonna break this time…
Happy as a clam, I am;
No need to patch it – here or there;
No, no need to patch it – anywhere;
I do not like the patches – on my box;
It’s not in my house – which really rocks!
Heh.
Heck, my properly patched and consistently AV-updated XP box rarely gives me problems. And I do mean rarely.
Exactly. People say that a good reason for me to switch to Linux is because of all the problems I have with Windows. Of course, I could drive a truck through that logic because I have no problems with Windows. And when I say no problems, I mean zero … NONE. Runs smoother than a baby’s ass. If I can get this kind of performance without a lot of headaches and run apps in Linux at least the same level of functionality I have now, I would probably consider switching. To me personally, SP2 is more of an inconvenience than anything else, because I really don’t need it.
Ping is used by some viruses to do ping sweeps of routers and firewalls so it makes sense to block it by default.
“Exactly. People say that a good reason for me to switch to Linux is because of all the problems I have with Windows. Of course, I could drive a truck through that logic because I have no problems with Windows. And when I say no problems, I mean zero … NONE. Runs smoother than a baby’s ass. If I can get this kind of performance without a lot of headaches and run apps in Linux at least the same level of functionality I have now, I would probably consider switching. To me personally, SP2 is more of an inconvenience than anything else, because I really don’t need it.”
Agreed, I wish MS would release the patches separately but oh well…security center here I come :/
Ping is used by some viruses to do ping sweeps of routers and firewalls so it makes sense to block it by default.
It just means that alternate methods will be used. The only service it will provide is the ability for admins and phone support to get headaches even faster.
Personally, I think they should have used something called common sense, which MS has never had. All they needed to do is ask:
o Is this computer directly connected to the Internet (no firewall, router)? If the answer is yes, enable the toughest firewall rules, including disabling ICMP.
o Is this computer part of a corporate network? If the answer is yes, enable ICMP.
o Does this computer use another computer or router to connect to the Internet? If the answer is yes, enable ICMP.
The vast majority of people are not going to be harmed by having ICMP enabled. Furthermore, most customers are not being properly serviced by having ICMP disabled. And easier, they could make the configuration dynamic, based on how and where the computer will be used. If MS really is about an easier/better user experience, here is their chance. This isn’t exactly rocket science and making just about everyone happy really could be as easy as pie. I guess we’ll see if MS plans on serving pie or their same old roadkill.
“It would be very sad if Linux and Mac OS could only gain a larger userbase in the desktop world because of Microsoft’s flaws. A lot of people don’t realize that. What if MS does get it right with SP2 and Longhorn? According to your naive logic, that would mean the “end” (not as in: it’s over, but more as in: over with the growth) of Linux on the desktop. Think about it. ”
———–
Then explain this all linux diehards.
http://www.zdnet.com.au/news/software/0,2000061733,39116229,00.htm
by the way. I am a fan of linux but not its security.
Exactly. People say that a good reason for me to switch to Linux is because of all the problems I have with Windows. Of course, I could drive a truck through that logic because I have no problems with Windows.
That may be true for you, but it’s still not true for the vast majority of Windows users. Granted, the user experience, stability and associated uptimes have been improving, but it’s yet to be rock solid. There really is not a single hole in that complaint. It’s a 100% legitimate complaint. Simple fact is, anyone that knows what they’re talking about, is laughing at your statement because it’s so completely false. Again, while Windows has gotten better and even continues to get better, it still has some serious, serious problems.
You need to remember that there is more to computing than clicking the pretty button and shutting down/rebooting daily. I can assure you, Microsoft has worked very hard to earn the bad-mouthing and verbal beatings that they get. Anyone that denies that MS has some serious warts is simply not being truthful.
After all that, I seriously believe that this will mark MS’ *first REAL effort* at attempting to resolve their many, many security issues.
Then explain this all linux diehards.
Dumb admins. ZD has a very, very, very long history of getting everything absolutely wrong. No platform is immune to stupid admins. Having said that, just about every modern Linux distro, requires you to tell it which services you not only want to install, but also which to enable.
Added is the fact that people forget that what people tend to call “Linux” is really a kernel, X, your pick of a ton of window managers, and several THOUSAND applications. Last I heard, to get the same kind of statistics that ZD poorly throws around, you’d need to multiply MS’ stats by many orders of magnitude, which would once again, place MS faring far, far worse than the credible Linux distros.
As a rule of thumb, if it’s printed by ZD, chances are high it’s a half truth, completely false, inaccurate, misleading, or incompetent. In other words, there are many, more credible sources to get your information than from ZD. If you still refuse to do that, then PLEASE, take everything you read that is associated with ZD, with a large grain of salt.
That may be true for you, but it’s still not true for the vast majority of Windows users.
Of course not .. I’m just saying that I haven’t heard anybody make a compelling case for Linux on the desktop for the ‘technically astute’ Windows user. They go on and on about blue screens of death and security holes, perhaps not realizing that none of this applies to me. And even for those who it does apply to (which would be the majority of Windows users out there), the argument is still irrelevant because if they can’t even set up a Windows box properly (which is really braindead easy and takes about 1/10th the effort), what chance do they have in Linux? Even the ‘easy-as-pie’ distros which can be installed with 3 clicks don’t exactly set themselves up 100%.
When I say that my Windows boxes don’t crash, I’ve even had zealots argue with me about this .. like maybe it crashes all the time while I’m asleep and I just don’t know about it. Whatever.
====================================================================== ===
[…] until a Linux-based OS comes along that is totally compatible with all the software I’ve already spent money on (and doesn’t make me jump through hoops to use it (i.e., WINE, etc.)) … I’ll put up with Microsoft.
====================================================================== ===
The fact that WINE even works as well as it does is a freaking miracle and you ought to be thankful that someone has even bothered undertaking the huge endeavor it is to implement the Win32 API on an operating system that is completely different from Windows in pretty much every aspect.
Add to that the fact that Windows is full of special hacks to make individual applications work and you might see that it is not as simple as just reading the documentation on MSDN (which, as many here will attest to, is often incorrect anyway) on what a function will do.
So you are happy with Windows, and that is OK. Just don’t go bashing WINE or other projects because they don’t fit your needs. There are two acceptable things you can do:
1) Live with Windows and deal with all the problems and enjoy the benefits that it brings.
2) Switch to something else and deal with all the problems and enjoy the benefits that it brings.
What is completely unacceptable is to just sit down and say: “What you guys made available to me for free is not good enough!”
“Heck, my properly patched and consistently AV-updated XP box rarely gives me problems. And I do mean rarely.”
But therein lies the problem constantly patching, constantly updating. If you miss even one, if you’re late getting one or should (god-forbid) forget…Sasser will be waiting. As for the AV, it’s not legal extortion. The more worms there are, the more you need them, the more they can charge you per month. No thanks. Tired of playing this game with the worms, browser hijackers, bots, etc. Shouldn’t have to worry about this every time I go online. What new malware horror is going to show up next…
I was going to just read these posts and not reply… but this made me do it…
Kasper said “What is completely unacceptable is to just sit down and say: “What you guys made available to me for free is not good enough!”
I do not agree
The guy might have specific needs and those needs might not be met. Moaning about it here will do no good, but telling the authors will.
This was supposed to be a discussion about a Windows update, not the strengths/weaknesses of Linux. What are you guys on?
I do not have Windows anywhere near me, never will again… (well that’s a lie, I have to use it at work), and when there is a Linux topic around, I will always be there passing remarks etc etc, but I try not to do it in a Windows topic.
Darius, I am glad you still enjoy using your Windows system and I wish you good luck with it in the future if you decide on SP2 or wait until Longhorn, I just hope you are passing on your wisdom about the system to everyone you know to get them to lock down their machines. Just never rule anything out. Someday we will get you to the darkside
[quote]But therein lies the problem constantly patching, constantly updating. If you miss even one, if you’re late getting one or should (god-forbid) forget…Sasser will be waiting.[/quote]
Uh, no .. that’s what firewalls are for. Do you use a firewall in your OS of choice? If you don’t, you should.
[quote]As for the AV, it’s not legal extortion. The more worms there are, the more you need them, the more they can charge you per month. No thanks.[/quote]
AFAIK, the cost of anti-virus software hasn’t really gone up in recent memory. Well, maybe if you buy Symantec, but there are plenty of alternatives out there. This isn’t really an issue since a) There are free virus scanners out there and b) If you choose to buy it, this is the only piece of software you’ll need to stay secure that will actually cost you money.
//The fact that WINE even works as well as it does is a freaking miracle//
A miracle? The fact that WINE locks up half the time, and it’s as slow as a tired turtle in a barrel of sawdust? Methinks thou art easily impressed.
// Just don’t go bashing WINE or other projects because they don’t fit your needs. //
My, the Penguinistas are touchy. I didn’t come close to bashing WINE, I just alluded to the fact that it’s kinda clumsy to use, and it’s slow. Which are both facts.
//What is completely unacceptable is to just sit down and say: “What you guys made available to me for free is not good enough!”//
Right, right, especially since I PAID MONEY for RedHat 9 and Lindows OS when I was checking out Linux. My bad. I should realize that FREE SOFTWARE that I PAID FOR shouldn’t work right.
Ding! Thanks for playing. Next?
“Uh, no .. that’s what firewalls are for”
If Firewalls stopped worms or anything else, we wouldn’t need patches at all.
“AFAIK, the cost of anti-virus software hasn’t really gone up in recent memory.”
That’s not the point. I shouldn’t have to pay somebody else for protection. I ought to get that with Windows. At the risk of them getting sued again for Anti Trust, I think Anti Virus Software is one thing that should be included with an OS.
nah m8 I disagree
antivirus should not be included with the OS for 1 simple reason, users will then think they are immune to virus attacks and will simply ignore the threat
If a Firewall is the cyber equivalent of the Great Wall of China, why doesn’t it default to on in XP? Why does it have to be manually configured at all? Why isn’t it simply embedded in Dial Up Networking? Why does Microsoft have to come up with a new Firewall in SP2?
If a Firewall is the cyber equivalent of the Great Wall of China, why doesn’t it default to on in XP? Why does it have to be manually configured at all? Why isn’t it simply embedded in Dial Up Networking? Why does Microsoft have to come up with a new Firewall in SP2?
So what is your point? That Windows is insecure out of the box? Don’t think anybody is going to argue with you there. But having a firewall WILL protect you from most/all of these Windows worms.
“So what is your point?”
My original point is almost the same as yours. We were talking about priorities in picking an OS. You said the apps were most important, especially considering you need them for your business. All I was really saying was that I can make do with the apps that run on Linux/BSD. But that the internet security situation is my pet peeve. Thus, I’ve moved away from Windows.
It’s security through obscurity, not necessarily the best way to go, but the malware situation is just going to keep getting worse and worse, and here at work where I do have to worry about security, I like so many in here will have to hope that MS’s patches keep the worms at bay.
“antivirus should not be included with the OS for 1 simple reason, users will then think they are immune to virus attacks and will simply ignore the threat”
Well, shouldn’t that be the long term goal of all OS makers…to make the average user, if not immune, then something approaching it to malware attacks?
>It would be very sad if Linux and Mac OS could only gain a
>larger userbase in the desktop world because of Microsoft’s
> flaws.
Why? It’s a valid point to choose an OS. If product B is of a lower quality people eventually use product A because of its quality and not its package.
>A lot of people don’t realize that. What if MS does get it
>right with SP2 and Longhorn?
😉 they won’t.
Some people sure try to make an impression on others that SP2 is some kind of Y2K.
To all these doomsday storytellers here is my prediction: SP2 will end up like Y2K did- uneventful.
“antivirus should not be included with the OS for 1 simple reason, users will then think they are immune to virus attacks and will simply ignore the threat”
Well, shouldn’t that be the long term goal of all OS makers…to make the average user, if not immune, then something approaching it to malware attacks?
No, my point was this… the users THINK they are immune when they get antivirus installed… They are actually not immune as new variants are released every day.
Some people would ignore the threats of new viruses because their OS manufacturer gave them an Antivirus. How many Windows users do you know who update their OS regularly?